Logo EJS
Open Day Contattaci
COMPRA I NOSTRI CORSI BELLISSIMI
Open dayContact Us

HOME > Informativa Privacy – Domanda di Immatricolazione

Privacy Notice

Enrollment Application

ENROLLMENT APPLICATION

Enrollment at Ferrari Fashion School S.r.l. and attendance and participation in courses, lessons and, in general, in Ferrari’s teaching activities entails the collection of information that constitutes personal data pursuant to Legislative Decree 196/2003, as amended (hereinafter the “Code”), as well as Regulation (EU) 2016/679 (hereinafter the “GDPR”). For this reason, all information on the processing of personal data related to the Competition is provided here.

1. DATA CONTROLLER

The Data Controller is Ferrari Fashion School S.r.l. with registered office at Via U. Visconti Di Modrone 2, 20122 Milan – Italy, VAT No. 12581670960 and Tax Code 08913130962 (hereinafter the “Controller” or “FFS”) and provides students (hereinafter, the “Students”) who complete the enrollment and registration application for courses, lessons and additional services offered by the Controller (hereinafter, the “Application”), with the privacy notice pursuant to art. 13 of the GDPR. The Controller may be contacted at any time using the following contact details: privacy@ferrarifashionschool.com or at the address indicated above. The Controller has not appointed a Data Protection Officer (DPO), as it is not subject to the appointment obligation provided for by art. 37 of the Regulation. The Controller is part of a group of companies (hereinafter, the “Group”), which designs and provides training in the business and education sectors.

2. DATA PROCESSED

Personal and Contact Data

Enrollment and attendance and participation in the Controller’s courses, lessons and, in general, teaching activities also require Students to provide – by completing the relevant enrollment and registration application – information such as name, surname, place and date of birth, nationality, residence/domicile, family income (ISEE), level of education and qualification (hereinafter the “Personal Data”), as well as telephone number and e-mail (hereinafter the “Contact Data”) and all further personal data contained in the identification documents attached to the enrollment and registration application. Such data are necessary for the valid formalization of the request for enrollment and registration for the services offered by the Controller. Furthermore, the Controller requires the Guarantor to provide – when completing this enrollment and registration application – their Personal Data.

Special Categories of Data

In the case of Students affected by specific learning disorders, disabilities or impairments, the Controller will acquire, in addition to the Personal Data and Contact Data necessary for enrollment, also certain data relating to the Student’s health status in order to grant them certain payment concessions, as well as for teaching purposes, including purposes related to logistical organization.

Images of students

In carrying out the teaching and training activities in which the Student is enrolled and registered, the Controller will acquire videos and/or images extracted from them, created by employees and collaborators of the Controller and/or by other students (hereinafter the “Materials”). The Materials may contain personal data suitable for being specifically associated with identified subjects and which, in any case, by their very nature, may allow the identification of the students and/or collaborators of the Controller. All personal data listed in this paragraph are hereinafter also defined as “Data”.

3. PURPOSES AND LEGAL BASIS OF THE PROCESSING

The Materials, Personal Data and Contact Data and, only in the case of a Student with specific learning disorders, disabilities and/or impairments, the Special Categories of Data relating to them provided, will be used exclusively for:

  1. the receipt, evaluation, acceptance of the enrollment and registration application submitted by the student and the full formalization thereof;
  2. access to forms of concessions and/or funding, based on ISEE, for the right to study and the calculation of school fees;
  3. access to and creation of a student profile on the Controller’s platform in accordance with the privacy policy of the platform itself;
  4. the sending and receiving of promotional communications and updates on the initiatives and activities of the Controller and/or other companies of the Group;
  5. the verification of the degree of satisfaction with the quality of the product/service provided, statistical and market research, studies, directly or through specialized companies, interviews or other means;
  6. direct sale and/or placement by the Controller of products and/or services, concessions and promotions of the Controller and/or other companies of the Group;
  7. to promote and manage placement initiatives;
  8. direct sale and/or placement by the Data Controller of products/services, concessions and promotions of the Data Controller and/or other companies of the Group, as well as third-party companies, through different sales channels or appointed third-party companies;
  9. with exclusive reference to the Materials, to disseminate the Materials themselves through publication and distribution, in any form, on the various communication channels of the Controller such as, by way of example only, posters and advertising pages, flyers, leaflets, annual reports, video, TV and web advertising spots, social networks as well as on the Controller’s website, also in the form of advertising, within the limits agreed by the Student by signing the Application;
  10. communication to companies belonging to the same Group for corporate and administrative needs.

The Controller also processes the Guarantor’s Data always within the limits in which this is necessary to manage the payment relating to the Application and to guarantee the obligations undertaken by the Student: this processing (xi) is subject, where relevant, to this privacy notice.

The legal basis on which the processing referred to in points (i), (ii), (iii), (ix) and (xi) is based is the performance of a contract to which the Student and the Guarantor, as data subjects, are party (the “Application”) and/or the implementation of pre-contractual measures adopted at the request of the data subjects (art. 6, paragraph 1, letter b of the GDPR); with reference to the processing referred to in points (iv), (v), (vi), (vii) and (viii), it is the consent of the Students enrolled with the Controller, given by ticking the relevant box in the section at the bottom of this notice (art. 6, paragraph 1, letter a) of the GDPR). As regards, instead, the processing referred to in point (x), the legal basis is the pursuit of the legitimate interest of the Controller, in line with Recital no. 48 GDPR according to which “Controllers that are part of a group of undertakings or institutions affiliated to a central body may have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of clients’ personal data […]”.

With regard to the marketing purpose (sending and receiving promotional communications and updates on the initiatives of the Controller and/or other companies of the Group; verification of the degree of satisfaction with the quality of the product/service provided, statistical and market research, studies, directly or through specialized companies, interviews or other means; to promote and manage placement initiatives), it is clarified that some of the Student’s personal data (namely name, surname, e-mail address…) may also be processed by the Controller for this purpose, namely so that the Controller may contact the Student by mail, e-mail, telephone (landline and/or mobile, using automated calling or call communication systems with and/or without the intervention of an operator) and/or SMS or other messaging systems to propose to the Student the purchase of products and/or services offered by the Controller itself and/or by third-party companies, present offers, promotions and commercial opportunities.

In the event of consent, the Student may revoke it at any time by submitting a request to the Controller using the contact methods indicated in paragraph 1 above.

The Student may also easily object to further sending of promotional communications by e-mail by clicking on the relevant link to revoke consent, which is present in each promotional e-mail. Once consent has been revoked, the Controller [will send the Student an e-mail message/will display to the student an on-screen message confirming successful unsubscription]. If the Student intends to revoke their consent to the sending of promotional communications by telephone, while continuing to receive promotional communications by e-mail, or vice versa, please send a request to the Controller using the methods indicated in paragraph 1 above.

The Controller informs that, following the exercise of the right to object to the sending of promotional communications by e-mail, it is possible that, for technical and operational reasons (e.g. preparation of contact lists already completed shortly before the Controller received the objection request), the Student may continue to receive some further promotional messages. If the Student continues to receive promotional messages after 24 hours have elapsed from the exercise of the right to object, please report the issue to the Controller, using the contacts indicated in paragraph 1 above.

Finally, if the Controller processes data belonging to special categories (for example, in the case of a Student with a disability or impairment), it will do so lawfully pursuant to art. 9, paragraph 2, letter a) of the GDPR, namely the explicit consent of the data subject, as well as art. 9, paragraph 2, letter f) to establish, exercise or defend a legal claim or whenever judicial authorities act in their judicial capacity, implementing appropriate safeguards for your fundamental rights and interests as well as applying suitable and adequate processing methods and security measures chosen by the Controller in accordance with and in compliance with the principle of accountability of the Controller provided for by the GDPR and, in any case, in compliance with any specific instruction and/or requirement provided by the Supervisory Authorities on the processing of personal data.

4. RECIPIENTS OF DATA COMMUNICATION

The Data will be communicated and may be known by: (i) employees and collaborators of the Controller, duly authorized to process them pursuant to art. 29 of the GDPR; (ii) third parties providing ancillary or instrumental services for the management of the Controller’s school activity, enrollment and registration requests, duly appointed as external data processors or independent controllers; (iii) third-party providers of IT services, IT consultancy, e-mail marketing, duly appointed as external data processors or independent controllers, for the management of internal IT systems, company management systems and the career platform, including the sending of electronic communications and newsletters; (iv) companies managing social network and/or instant messaging platforms for the possible publication of the Materials; and finally (v) consultants, as independent controllers, for the management of administrative and tax activities, for litigation management and for legal assistance in the event of any disputes for which their involvement may be necessary.

The Student may also request from the Controller the list of subjects who will act as data processors (in this case, they are appointed in writing by the Controller, pursuant to art. 28 of the GDPR, and will process personal data on behalf of the Controller) or as independent data controllers. In any other case, the Data will not be communicated to third parties, unless this is necessary to comply with requests from public authorities.

5. PLACE OF DATA PROCESSING

The processing of the Data will take place at the above-mentioned registered office of the Controller. The Data will be stored on servers and/or in physical archives located exclusively within the European Union. However, if the Data are transferred outside the European Union, the Controller will ensure that the transfer takes place in accordance with the GDPR and, in particular, in accordance with arts. 45 (Transfer on the basis of an adequacy decision) and 46 (Transfers subject to appropriate safeguards) of the GDPR.

In any case, no processing or transfer of the Data will be carried out outside the territory of the European Union or to countries that do not provide adequate guarantees for the protection of personal data. With regard to the publication of Images on social networks, further information on the management of personal data by these platforms is available in their terms and conditions of use.

6. PROCESSING METHODS, RETENTION PERIOD AND SECURITY MEASURES

The Controller will process the Data with and without the aid of electronic, IT or automated tools, adopting specific and adequate logical, organizational and technical security measures to prevent the loss of the Data or their unauthorized or unlawful use.

The Data will not be processed and stored for a period of time longer than strictly necessary to achieve the purposes for which they were collected. In particular, a period that allows: (i) the Student to attend the courses and lessons organized and provided by the Controller; (ii) the collection, organization and orderly storage of enrollment applications and releases; as well as (ii) the publication of the Materials also for promotional purposes.

More precisely:

  1. the image will be retained in the ways and for the times defined by the release referred to in article ix;
  2. the Data collected for the pursuit of the marketing purpose will be retained for the time strictly necessary to carry out the purposes described in paragraph 3 above and, in any case, until the Student revokes their consent and in any event for no more than 5 years;
  3. the Data contained in the enrollment and registration applications and in the releases will be retained for a period equal to that provided for by the rules on limitation periods, without prejudice to the need to protect the interests of the Controller and the Student in civil matters.

7. MANDATORY NATURE OF PROVIDING DATA

The provision of Data for the purposes referred to in paragraph 3 (i), (ii), (iii), (ix) and (x) is optional but necessary, since failure to provide them will make it impossible for the Student to submit the Application and perform the commitments undertaken therein.

In the case of Students affected by specific learning disorders, disabilities or impairments, the provision of certain data relating to the Student’s health status is optional but necessary, since, in the absence thereof, it will not be possible (a) to grant them any concessions, or (b) for teaching purposes, and therefore to allow the Controller to better organize logistics in the Student’s interest.

With reference to the marketing purpose (paragraph 3 (iv), (v), (vi), (vii) and (viii)), the provision of Data is purely optional; indeed, even in the event of refusal, the Student may still submit the Application and take the exams.

8. RIGHTS OF THE DATA SUBJECT

Data Subjects hold the rights granted by the GDPR. In particular, pursuant to arts. 15-22 of the GDPR, they have the right to request and obtain information regarding: (i) the origin of the personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic tools; (iv) the identification details of the controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as processors or persons in charge.

Furthermore, Students have the right to obtain:

  • access, updating, rectification or, where they have an interest, integration of the data;
  • erasure, transformation into anonymous form or restriction of data processed in breach of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;
  • confirmation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.

Furthermore, Students have:

  • the right to withdraw consent at any time, where the processing is based on their consent;
  • the right to data portability (the right to receive all personal data concerning them in a structured, commonly used and machine-readable format);
  • the right to object:

i) in whole or in part, on legitimate grounds, to the processing of personal data concerning them, even if relevant to the purpose of collection;

ii) in whole or in part, to the processing of personal data concerning them for the purposes of sending advertising material or direct sales or for carrying out market research or commercial communication;

iii) where personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for that purpose, including profiling to the extent that it is related to such direct marketing ;

  • if they believe that the processing concerning them violates the GDPR, the right to lodge a complaint with a Supervisory Authority (in the Member State where they habitually reside, where they work or where the alleged violation occurred). The Italian Supervisory Authority is the Italian Data Protection Authority, with headquarters at Piazza Venezia no. 11, 00187 – Rome (http://www.garanteprivacy.it/).

In order to exercise their rights, it is always possible to contact the Controller using the contact details indicated above.

keyboard_arrow_up